Solved! Use SEMMAQ.EXE (Backdoor Nitol) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

SEMMAQ.EXE – Backdoor Nitol removal

FileMD5Virus Alias
SEMMAQ.EXE dfbc68c9f6332b00a1162f2589599518 Backdoor Nitol
SEMMAQ.EXE dfbc68c9f6332b00a1162f2589599518 Trojan SuspiciousFile
SEMMAQ.EXE dfbc68c9f6332b00a1162f2589599518 Trojan Artemis
SEMMAQ.EXE dfbc68c9f6332b00a1162f2589599518 Trojan Eldorado
SEMMAQ.EXE dfbc68c9f6332b00a1162f2589599518 Trojan Downloader
SEMMAQ.EXE dfbc68c9f6332b00a1162f2589599518 Trojan OnLineGames

SEMMAQ.EXE size: 56832 bytes
SEMMAQ.EXE hash: DFBC68C9F6332B00A1162F2589599518

Created files:

%SysDir%\gei33.dll
%SysDir%\semmaq.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\aspnet_statesjrq\Type: 10000000
HKLM\System\CurrentControlSet\Services\aspnet_statesjrq\Start: 02000000
HKLM\System\CurrentControlSet\Services\aspnet_statesjrq\DisplayName: ASP.NET State Servicesyta Transaction Coordinator Service
HKLM\System\CurrentControlSet\Services\aspnet_statesjrq\ImagePath: %WinDir%\System32\semmaq.exe
HKLM\System\CurrentControlSet\Services\aspnet_statesjrq\Description: Provides support for out-of-to-processmid Transaction Coordinator Service.

Detected by UnHackMe:

SEMMAQ.EXE
Default location: %SYSDIR%\SEMMAQ.EXE

Dropper information:
MD5: dfbc68c9f6332b00a1162f2589599518
File size: 56832 bytes

Leave a Reply